While most in-house counsel and senior management understand the importance of training and compliance in a general sense, many do not have the time to focus on enhancements that will mitigate both personal and corporate liability while reducing legal risks. While internal training, anti-corruption certifications and questionnaires, and having a compliance manual form the basis of a decent compliance program, there are other specific compliance steps that will boost your company’s compliance program, making it up-to-date and practical. Additionally, companies with robust compliance programs are less prone to violate the law and are more likely to be treated leniently by enforcement authorities. Have you reviewed your program recently?
1. Craft clear procedures.
Procedures matter. Effective compliance programs should not only identify the laws that affect the company’s business, but should also create internal procedures to ensure that the program is implemented throughout the company and that the company's compliance activities are well-documented at all levels. A company's compliance manual should be comprehensive, covering a wide range of topics such as export controls, economic and trade sanctions, anti-boycott regulations, and all applicable anti-bribery requirements. For example, do you do any business in the U.K.? If so, your anti-corruption training and written requirements should include the U. K. Bribery Act, which is broader than the Foreign Corrupt Practices Act.
Procedures should be narrowly tailored for each topic and include specific tasks to be executed by groups of employees responsible for compliance thereunder. Clearly identifying the names of compliance officers or departments is a must as well as instituting mechanisms for holding compliance officers and managers accountable. Procedures include how employees will document compliance efforts, who will be responsible for each decision, and when and how internal procedures will be audited. These suggestions apply to all aspects of global trade compliance and will minimize risk with your daily export procedures, import tariff classifications, and anti-corruption due diligence.
Additionally, a good compliance program should make it every employee’s responsibility to be vigilant in identifying and reporting violations and make clear that it is the company's policy to enforce employees' obligations under the program. Recent enforcement cases show that it does take the entire company to get it right, especially when compliance is shared among several different parts of the company. Logistics may think legal has it covered while others may think that supply chain management, internal audit, or purchasing are in charge of certain processes.
Requiring employees to complete internal forms or checklists and using contracts that incorporate compliance requirements for buyers, agents, and distributors are another means of bolstering compliance. For instance, buyers might be required to sign sales contracts that stipulate that they will not violate any U.S. export control laws. Agents and distributors might be required to complete questionnaires and undergo background checks in order to identify any red flags that might signal potential violations of economic sanctions or anti-boycott laws.
2. Tailor employee training.
Training alone is insufficient. For training to be effective, it must be in-depth and tailored to meet the needs of a particular company and even a particular part of the world to ensure that cultural understandings and language barriers do not impede effective training. Good training will be tailored to a company's existing methods of doing business. Individual training sessions may be most productive when tailored by job function within the company. The best training is in person by a non-manager so employees can feel comfortable asking questions. Good training should be practical, covering not only what the law is but how employees can be proactive to protect the company.
The ultimate aim should always be prevention through practice of effective due diligence. For example, accounting personnel may be trained to spot suspicious charitable contributions by local representatives that are red flags for potential FCPA violations. Or, for instance, human resources employees in high-technology companies should be trained on export control rules governing "deemed exports." Deemed exports are transfers of U.S. government-controlled technology to foreign persons in the United States and are often strictly controlled. Because high-technology companies that hire foreign workers under specific U.S. visa categories are often asked to make certain certifications regarding deemed exports, it is important that human resources employees in these companies be trained so that they can coordinate effectively with export compliance officers and address the overlap between U.S. immigration and export control laws.
Training must include internal procedures for reporting violations. Given the increased risk of prosecution from whistleblowers thanks to the leniency of U.S. prosecutors and the incentives for companies to report violations of competitors, it is more important than ever that companies train employees to identify violations that may have been committed by other employees before they are identified by prosecutors.
3. Everything starts with senior management.
An effective compliance program starts at the top. No question. Because boards of directors, officers, and senior management set the "tone at the top" that will then trickle down to all employees in the company, securing the buy-in of senior management is the key to a successful program. Routine trade and anti-bribery compliance updates by senior management to a company's board of directors signal that senior management is serious about compliance.
Additionally, regulators like to see board-level attention to compliance issues. Senior management can further show its commitment to compliance by holding cross-department meetings, honoring employees for their compliance efforts, posting compliance updates on the company's intranet pages, and working with in-house counsel and compliance experts to provide updates on recent legal changes or examples of enforcement actions that warn other employees of the dangers of non-compliance. "Compliance Minutes" and discussion groups are real possibilities within big companies. Compliance is a serious matter. The goal is for employees to know that management has their back. No deal is so sweet that compliance procedures should be ignored. The result is a culture of compliance that permeates all levels of the company.
4. The devil is in the details.
The government loves to see specific procedures tailored for your business with current details. Are you aware that new definitions of export terms were released from the Departments of Commerce and State on June 3, 2016? How about the changes for Cuba and Iran under the new Office of Foreign Assets Control (OFAC) regulations? More importantly: does your manual, procedures, and employee training reflect these changes such that your global regional managers know how to ensure that your employees understand what the practical effects of the changes are?
5. Recognize the need for technical expertise.
Because export and import transactions involve overlapping regulations and often are exceedingly technical, it is important to recognize when technical expertise is needed. Both export and import classification is best performed by an in-house export control officer in consultation with an export lawyer. Remember, brokers are your agents and are not responsible for product classification. For instance, the export compliance officer should follow an established method for determining whether products are subject to the State Department's U.S. Munitions List (USML) or the Commerce Department's Commerce Control List (CCL), and if so, what regulations will apply. If a company cannot "self-classify" a product, it should seek assistance from outside counsel or request a binding ruling from the government.
In addition, companies must also be aware of the Treasury Department regulations for economic and trade sanctions, which are administered by the OFAC. Economic and trade sanctions can be country-wide or specific to particular entities and individuals. They are constantly changing, multi-layered, and as a result, require particular attention to detail. For example, a gradual easing of trade sanctions on Cuba and Iran have opened up new opportunities for exports in these countries, though companies must still carefully determine which transactions are allowed, which are still prohibited, and which require a specific license from OFAC.
While achieving an effective compliance program requires a serious investment of company resources and attention, the payoff is considerable. For instance, in recently announcing new guidance on voluntary self-disclosures of export control violations, the Commerce Department acknowledged that only 3 percent of voluntary self-disclosures result in monetary penalties. Out of those that do, it is typical to reduce penalties up to 50 percent. The guidance reflects an approach shared throughout the government to reward strong compliance programs capable of spotting violations when they do occur. In short, compliance pays off.
The author would like to acknowledge the assistance of Ragan Updegraff, a 2017 Georgetown University Law School candidate, with this article.